CVSS2
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS
Percentile: 5.1%

A security vulnerability that can lead to local privilege escalation has
been found in 'guix-daemon'. It affects multi-user setups in which
'guix-daemon' runs locally. The attack consists in having an unprivileged
user spawn a build process, for instance with guix build, that makes its
build directory world-writable. The user then creates a hardlink to a
root-owned file such as /etc/shadow in that build directory. If the user
passed the --keep-failed option and the build eventually fails, the daemon
changes ownership of the whole build tree, including the hardlink, to the
user. At that point, the user has write access to the target file. Versions
after and including v0.11.0-3298-g2608e40988, and versions prior to
v1.2.0-75109-g94f0312546 are vulnerable.

git.savannah.gnu.org/cgit/guix.git/commit/?id=ec7fb669945bfb47c5e1fdf7de3a5d07f7002ccf
guix.gnu.org/en/blog/2021/risk-of-local-privilege-escalation-via-guix-daemon/
issues.guix.gnu.org/47229
launchpad.net/bugs/cve/CVE-2021-27851
nvd.nist.gov/vuln/detail/CVE-2021-27851
security-tracker.debian.org/tracker/CVE-2021-27851
www.cve.org/CVERecord?id=CVE-2021-27851